Fixed creation of users + better frontend handling of permissions

backend/api/users/update.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"log"
 	"net/http"
 	"reflect"
 	"strings"
@@ -11,6 +12,9 @@ import (
 
 	"fr.latosa-escrima/core"
 	"fr.latosa-escrima/core/models"
+	"fr.latosa-escrima/utils"
+	"github.com/google/uuid"
+	"github.com/uptrace/bun"
 )
 
 type UpdateUserArgs struct {
@@ -20,9 +24,11 @@ type UpdateUserArgs struct {
 	Password   *string                `json:"password,omitempty"`
 	Phone      *string                `json:"phone,omitempty"`
 	Attributes *models.UserAttributes `json:"attributes"`
+	Roles      *[]models.Role         `json:"roles"`
 }
 
 func HandleUpdate(w http.ResponseWriter, r *http.Request) {
+	ctx := context.Background()
 	var updateArgs UpdateUserArgs
 	err := json.NewDecoder(r.Body).Decode(&updateArgs)
 	if err != nil {
@@ -33,13 +39,34 @@ func HandleUpdate(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	user_uuid := r.PathValue("user_uuid")
+	uid, err := uuid.Parse(user_uuid)
+	if err != nil {
+		return
+	}
 	var user models.User
+	err = core.DB.
+		NewSelect().
+		Model(&user).
+		Where("user_id = ?", user_uuid).
+		Relation("Roles").
+		Scan(ctx)
+	if err != nil {
+		core.JSONError{
+			Status:  core.Error,
+			Message: err.Error(),
+		}.Respond(w, http.StatusInternalServerError)
+		return
+	}
 	updateQuery := core.DB.NewUpdate().Model(&user)
 
+	rolesInsert := []*bun.InsertQuery{}
+	rolesRemoved := []*bun.DeleteQuery{}
+
 	val := reflect.ValueOf(updateArgs)
 	typ := reflect.TypeOf(updateArgs)
 
-	for i := 0; i < val.NumField(); i++ {
+	for i := range val.NumField() {
 		field := val.Field(i)
 		fieldname := typ.Field(i).Name
 
@@ -52,6 +79,37 @@ func HandleUpdate(w http.ResponseWriter, r *http.Request) {
 		if field.IsValid() && !field.IsNil() && !field.IsZero() {
 			if fieldname == "Password" {
 				updateQuery.Set(fmt.Sprintf("%s = crypt(?, gen_salt('bf'))", strings.Split(tag, ",")[0]), field.Interface())
+			} else if fieldname == "Roles" {
+				_roles := field.Interface().(*[]models.Role)
+				if _roles == nil {
+					continue
+				}
+
+				currentRoles := utils.Map(user.Roles, func(role models.Role) uuid.UUID {
+					return role.ID
+				})
+
+				roles := utils.Map(*_roles, func(role models.Role) uuid.UUID {
+					return role.ID
+				})
+
+				log.Println(user.Roles)
+				toAdd, toRemove := utils.GetDiff(currentRoles, roles)
+				fmt.Println(toAdd, toRemove)
+
+				rolesInsert = utils.Map(toAdd, func(id uuid.UUID) *bun.InsertQuery {
+					userRole := models.UserToRole{
+						UserID: uid,
+						RoleID: id,
+					}
+					return core.DB.NewInsert().Model(&userRole).Ignore()
+				})
+
+				rolesRemoved = utils.Map(toRemove, func(id uuid.UUID) *bun.DeleteQuery {
+					return core.DB.NewDelete().Model((*models.UserToRole)(nil)).
+						Where("user_id = ? AND role_id = ?", uid, id)
+				})
+
 			} else {
 				updateQuery.Set(fmt.Sprintf("%s = ?", strings.Split(tag, ",")[0]), field.Interface())
 			}
@@ -61,11 +119,9 @@ func HandleUpdate(w http.ResponseWriter, r *http.Request) {
 	// Always update the `updated_at` field
 	updateQuery.Set("updated_at = ?", time.Now())
 
-	uuid := r.PathValue("user_uuid")
 	_, err = updateQuery.
-		Where("user_id = ?", uuid).
-		Returning("*").
-		Exec(context.Background())
+		Where("user_id = ?", user_uuid).
+		Exec(ctx)
 
 	if err != nil {
 		core.JSONError{
@@ -75,6 +131,28 @@ func HandleUpdate(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	for _, insert := range rolesInsert {
+		_, err = insert.Exec(ctx)
+		if err != nil {
+			core.JSONError{
+				Status:  core.Error,
+				Message: err.Error(),
+			}.Respond(w, http.StatusInternalServerError)
+			return
+		}
+	}
+
+	for _, remove := range rolesRemoved {
+		_, err = remove.Exec(ctx)
+		if err != nil {
+			core.JSONError{
+				Status:  core.Error,
+				Message: err.Error(),
+			}.Respond(w, http.StatusInternalServerError)
+			return
+		}
+	}
+
 	user.Password = ""
 
 	core.JSONSuccess{